<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <title>SSF.App.DDoS</title>
  </head>

  <body>
DDoS demo package.

<P>This package provides facilities to set up a DDoS attack scenario in SSFNet simulation. DDoSSession and DDoSSessionRand are the two protocol sesssion implementations of DDoS SYN attacks. The later one chooses hosts to be hijacked randomly.

<P>The package also includes a few preliminary tools used to analyze NetFlow data collected in the DDoS experiments. DestList_x tools are a set of tools that list the suspicious addressses when doing trace back. CD_DDoSTracer is "cross domain DDoS tracer", and it aims at locating the AS from which the attack was launched. SD_DDoSTracer is "single domain DDoS tracer", and it extends the effort of locating the attacker when the attacking AS is located.

<P>SpoofFloodTracer is used to trace the source ASes (domains) of a flooding attack. In this context they are often the domains where DDoS agents locate.

<P>Notice: 
1) To cooperate with the experiment, an extended flow collector: SSF.OS.NetFlow.IpFlowCollectorWD is used. It provides "domain information" that is easy to collect in the real world but not that obviouse even to specify in a simulation.
2) The effort of locating the attacker by analyzing the traffic pattern has its limitaion especially when the attacker is aware of the existence of the such devices and tries to sweep his trails.



    <hr>
    <address><a href="mailto:yuanyg@roach.cs.dartmouth.edu">Yougu Yuan</a></address>
<!-- Created: Mon Jan 28 16:16:24 EST 2002 -->
<!-- hhmts start -->
Last modified: Mon Jan 28 16:30:14 EST 2002
<!-- hhmts end -->
  </body>
</html>
